The present invention relates to authenticating application programs, and is particularly directed to a method of authenticating an application program for use in an unattended system such as at a self-service terminal (SST) or an automated teller machine (ATM).
A typical authentication scheme to authenticate a user in an unattended system having a number of installed application programs relies upon the user having some secret knowledge (such as a personal identification number) to allow the user to gain access to valuable system resources of the unattended system. While this authentication scheme may provide adequate security in an attended system, such an authentication scheme may not provide the level of security desired in an unattended system, such as at a SST or ATM. The level of security desired may not be provided by the known authentication scheme because it is still possible to introduce an altered and/or fraudulent application program into the SST or ATM without subsequent users knowing the application program has been altered and/or is fraudulent.